Separate hardcoded values and add signing

Davide Depau 2020-04-30 01:22:18 +02:00
parent 91648d180f
commit 1f80b91d07
No known key found for this signature in database
GPG key ID: F7F589B2907FBD24
2 changed files with 90 additions and 23 deletions


@ -1,3 +1,5 @@
load('@lib//arch_pkg:settings.star', 'default_settings')
PLATFORMS = {
'aarch64': {'os': 'linux', 'arch': 'arm64'},
'x86_64': {'os': 'linux', 'arch': 'amd64'},
@ -6,7 +8,6 @@ PLATFORMS = {
'i386': {'os': 'linux', 'arch': '386'},
'pentium4': {'os': 'linux', 'arch': '386'}
}
DOCKER_IMAGE = "depau/drone-makepkg:{arch}"
# For debugging purposes since Drone CLI won't print anything unless you
# give it a somewhat valid pipeline
@ -18,10 +19,26 @@ def _debug_bogus(*a, **kw):
}
def generate(config):
# "Unfreeze" config so we can add defaults and pass them around
_cfg = {}
_cfg.update(config)
config = _cfg
# Retrieve architectures with special configuration
special_archs = {arch: cfg for arch, cfg in config.items() if arch in PLATFORMS.keys()}
# Retrieve architectures with common configuration
others = config.get("all") or config.get("others") or None
# Apply pipeline-specific settings on top of defaults, if any
settings = {}
settings.update(default_settings)
settings.update(config.get('settings', {}))
config['settings'] = settings
# Expand common config architectures into one dict, together with the
# special architectures
if others:
# Ensure architectues are specified when using a generic config
if "arch_matrix" not in config:
print("arch_matrix is required if all/others is defined")
return None
@ -42,6 +59,7 @@ def generate(config):
pipelines = []
# Generate pipelines for every arch
for arch, archconfig in archs.items():
pipelines.append(generate_pipeline(config, arch, archconfig))
@ -52,12 +70,14 @@ def generate(config):
def generate_pipeline(config, arch, archconfig):
pipeline = {
'kind': 'pipeline',
'type': 'docker',
settings = config['settings']
pipeline = {}
pipeline.update(settings['pipeline'])
pipeline.update({
'name': arch,
'platform': PLATFORMS[arch]
}
})
steps = []
@ -73,7 +93,7 @@ def generate_pipeline(config, arch, archconfig):
pull_set = False
for pkgconfig in archconfig:
stepcfg = step_git(pkgconfig) if is_git(pkgconfig) else step_aur(pkgconfig)
stepcfg['image'] = DOCKER_IMAGE.format(arch=arch)
stepcfg['image'] = settings['images']['build'].format(arch=arch)
if not pull_set:
# Ensure the image is pulled in the first step
@ -82,10 +102,14 @@ def generate_pipeline(config, arch, archconfig):
steps.append(stepcfg)
steps += upload_steps(arch)
# Add additional steps
for step in settings.get('additional_steps', []):
image = settings['images'][step].format(arch=arch)
step_fn = ADDITIONAL_STEPS[step]
steps.append(step_fn(image, arch, settings.get(step, {})))
if config.get('master_only', True):
# Allow builds only in the master branch by default
if config.get('master_only', True):
for step in steps:
step['when'] = {'branch': ['master']}
@ -147,19 +171,35 @@ def step_git(pkgconfig):
return None
# TODO: probably it's better not to hardcode everything here
def upload_steps(arch):
return [{
def sign_step(image, arch, settings):
step = {
'name': 'sign',
'image': image,
'settings': {}
}
step['settings'].update(settings)
step['settings'].update({
'sign_dir': 'out'
})
return step
def upload_step(image, arch, settings):
step = {
'name': 'upload',
'image': 'plugins/s3',
'settings': {
'endpoint': 'https://objstor.depau.eu',
'bucket': 'archlinux-packages',
'access_key': {'from_secret': 'minio_user'},
'secret_key': {'from_secret': 'minio_passwd'},
'image': image,
'settings': {}
}
step['settings'].update(settings)
step['settings'].update({
'source': 'out/*',
'target': '/' + arch,
'strip_prefix': True,
'path_style': True
}
}]
'strip_prefix': True
})
return step
ADDITIONAL_STEPS = {
'sign': sign_step,
'upload': upload_step
}
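Review bot: The shallow `settings.update(config.get('settings', {}))` in `generate` replaces whole sub-dicts, so a pipeline that overrides only one key under `images` or `sign` loses the other defaults. In `generate_pipeline`, `settings['images']['build']` or `settings['images'][step]` then fails on a missing key, or the sign step is built without its `from_secret` entries; merging the dict-valued keys one level deeper would keep the defaults. Separately, signing now depends on the content and order of the overridable `additional_steps` list, so `['upload']` or `['upload', 'sign']` would publish unsigned packages without any message. I would mirror the `arch_matrix` check and emit something like `print("upload is enabled without a preceding sign step")` when `sign` does not come before `upload`. Both functions continue outside the visible hunks.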

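--- a/settings.star
+++ b/settings.star
@@ -0,0 +1,27 @@
+default_settings = {
+'images': {
+'build': "depau/drone-makepkg:{arch}",
+'sign': "depau/drone-detach-sign:{arch}",
+'upload': "plugins/s3"
+},
+'pipeline': {
+'kind': 'pipeline',
+'type': 'docker'
+}
+'additional_steps': ['sign', 'upload'],
+'sign': {
+'gpg_secret_key': {'from_secret': 'gpg_secret_key'},
+'gpg_passphrase': {'from_secret': 'gpg_passphrase'}
+},
+'upload': {
+'endpoint': 'https://objstor.depau.eu',
+'bucket': 'archlinux-packages',
+'access_key': {'from_secret': 'minio_user'},
+'secret_key': {'from_secret': 'minio_passwd'},
+'path_style': True
+}
+}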
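Review bot: The `'pipeline'` entry in `default_settings` closes with `}` and no trailing comma before `'additional_steps'`, which as rendered here is a syntax error that would make the `load()` in the generator fail; the line should read `},`. The `sign` step is handed `gpg_secret_key` and `gpg_passphrase`, and `upload` gets the object-store credentials, yet all three images are referenced by mutable tags (`depau/drone-detach-sign:{arch}`, and `plugins/s3` with no tag at all). Whatever is later pushed under those names therefore receives the secrets. Pinning the images to a fixed version or digest would make that trust explicit, or at minimum add a comment above `'images'` such as `# these images receive the signing key and upload credentials`.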